Dual GW Arch compatibility#5370
Open
vdinesh4738 wants to merge 132 commits into
Open
Conversation
…#4633) Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.3 to 3.0.4. - [Release notes](https://github.com/go-jose/go-jose/releases) - [Changelog](https://github.com/go-jose/go-jose/blob/main/CHANGELOG.md) - [Commits](go-jose/go-jose@v3.0.3...v3.0.4) --- updated-dependencies: - dependency-name: github.com/go-jose/go-jose/v3 dependency-version: 3.0.4 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sreeram Narayanan <sreeram.narayanan@hashicorp.com>
* update: go version to 1.24.5 * add: changelog
* go-discover version upgrade * Adding change log
* update: go version to 1.24.5 in .go-version * fix: typo in changelog
…E-2025-55199 (#4696) * security: update helm.sh/helm/v3 to v3.18.5 to fix CVE-2025-55198, CVE-2025-55199 * add: changelog
* Add support for enabling Consul dataplane as a sidecar container * Add sidecar initial probe check delay configuration * Add sidecar probe period, failure threshold, and timeout configurations * Update default sidecar probe configurations for improved reliability * Add tests for Consul dataplane sidecar lifecycle configuration and probe handling * added changelog * Add configuration for Consul dataplane as sidecar init container in values.yaml * Bump kind version to v0.27.0 in CI inputs for compatibility updates
* Fixing flaky tests * Setting eks version to 1.32 * Addition of force namespace deletion on cleanup of openshift * Changing retry conditions for api_gateway_sink_test * Fixing linting issue of return value not checked * Addition of github workflow workflows/pr-cloud-accepance.yml * Updating csi-driver addon_version to latest * tesing changes in pajay.rao/release-test branch * Addition of pull_request branchs to pr-cloud-accepance test * Changing branch to test branch for pr accpetance tests * Extending timer for flaky test cases * Updating kind version to v0.27.0 * Reverting consul-k8-workflow branchs to main * Increasing timeout for mulitple checks * Changing branch to test * Addition of cidr for gke cluster creation * Updating gke cluster cidr * Updating gke cluster cidr * Updating gke cluster cidr * Updating gke cluster cidr * Updating gke cluster cidr * Addition of new random variable to all resources for gke cluster creation * Addition of new random variable to all resources for gke cluster creation * Addition of new random variable to all resources for gke cluster creation * Addition of new random variable to all resources for gke cluster creation * Addition of new random variable to all resources for gke cluster creation * Addition of new random variable to all resources for gke cluster creation * Addition of new random variable to all resources for gke cluster creation * Addition of new random variable to all resources for gke cluster creation * Addition of new random variable to all resources for gke cluster creation * Addition of new random variable to all resources for gke cluster creation * Addition of new random variable to all resources for gke cluster creation * Addition of new random variable to all resources for gke cluster creation * Addition of new random variable to all resources for gke cluster creation * Addition of new random variable to all resources for gke cluster creation * Addition of new random variable to all resources for gke cluster creation * Addition of new random variable to all resources for gke cluster creation * Addition of new random variable to all resources for gke cluster creation * Addition of new random variable to all resources for gke cluster creation * Addition of new random variable to all resources for gke cluster creation * Addition of new random variable to all resources for gke cluster creation * Addition of new random variable to all resources for gke cluster creation * Fixing regex pattern for firewall name * Fixing regex pattern for firewall name * Fixing regex pattern for firewall name * Increasing retry timer for tests * Addition of comments and reverting test branch to main * Formatting terraform script * Increasing timeout in few cases * Fixing small fix in tests
…health check in consul (#4715)
Co-authored-by: P Ajay Rao <pajay.rao@hashicorp.com>
…ups (#4757) * fixes : - token watcher returns err on more conditions - directory watcher returns err on some more conditions and continues in case of recoverable cases - cleanup files like cni-binary - watch and recreate cni-binary & cni-host-token if applicable - kill watchers before cleanup to avoid race condition updates on config files - handle sigCh commonly for all watchers - prevent breaking out of watchers * final commit * consul test setup * All tests fixed * race condition fix * race condition while removing CNI fix * fix remove multiple plugins of consul-cni if present * fixing bin watcher * testing binary race condition fix * miss of a race condition return * fix race condition * fixed race conditions with older versions where no cleanup was done for binary * changelog commit * race condition wait group outside goroutine * run workflows * run tests with new concurrency group * PR comments fixed * fix test for acceptance
* Update deployment.go * Update deployment.go * changelog added and uniqueness group * rename file * add uniqueness group in cloudacceptamnce * Update 4717.txt * Update pr.yml * Update pr-cloud-acceptance.yml * Create 4767.txt * as per comments
* granularity of package level concurrency * test-status-reporting commit with k8s-workflow * uniqueness group for old workflow shutdown at level of same pr * input params fix to dispatch * dispatch fix * group fix for differnt groups * change dispatch to main as workflows PR is merged * bypass tests for unblocking others * test force pass * revert force checks pass * dispatch context fix to one branch * pr ref caused build failures when / is present causing dispatched workflow failures
update make path
* feat: add dual stack support for Consul configuration * added changelog * wrapping IPv6 addresses with [] * passing pr no in inputs in config file * fix: correct dualStack.defaultEnabled reference path
* update: go version to 1.25.1 * update: golangci-lint version to v2.4.0 * update: consul-server-connection-manager to v0.1.12 * add: changelog
updated consul version to 1.22.0-dev
dded support to sync multiple ports to consul from k8s for catalog sync
suppress cves
* use named constant for security context with net bind service * Allow ingress gateway users who do not bind to privileged ports to opt out of NET_BIND_SERVICE * Remove NET_BIND_SERVICE everywhere other than the ingress-gateway container * Use custom securityContext for ingress-gateway container This will enable a future commit to remove NET_BIND_SERVICE from the widely shared consul.restrictedSecurityContext * Use privileged dataplane entrypoint for ingress-gateway which may bind to privileged ports * Added logic to use privileged image with net_bind_address capability if the listener port is less than 1024 * feat: using the privileged image on ingress gateway and mesh gateway only if privileged port is used * improvement: restrict usage of NET_BIND_SERVICE capability * improvement: restrict usage of NET_BIND_SERVICE capability * fix: update tests * fix: updated tests to use constants * Use privileged dataplane entrypoint for consul-dataplane * addressed review comments * fixed dns proxy deployment file to use privileged image for privileged ports * explicitly setting the drop all capabilities for the sidecar * explicitly setting the drop all capabilities for the sidecar --------- Co-authored-by: jm96441n <john.maguire@hashicorp.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: github-team-consul-core <github-team-consul-core@hashicorp.com>
* Addition of ipv6 changes for consul-k8s connect inject and cni * Addition of changelog * Updating go mod and sum * Fixing multiple testcases * Updating go mod and go sum * joining host port using net.JoinHostport * Fixing acceptance test cases * Addition of gateway connsul config * Testing testcases * testing commeting out envoy admin port config * testing commeting out envoy admin port config * Updating images for testing purpose * Reverting the values.yaml changes * addition of logs to kubectl * addition of logs to kubectl * Addition of error log for testing * Reverting the values.yaml changes * addition of latest enterprise image * addition of latest enterprise image * testing consul token permission issue * Moving dual stack check to env variable * Increating timeout to 10m * Changing dualstack check to env variable * Addition of dualstack key for testing * Using env variable for api gateway check * Fixing test cases * Fixing test cases * Fixing test cases * Fixing test cases * Addition of dualstack env to gatekeeper init * Reverting back to consul original images * Updating branch for consul-k8s-workflows * Addition of get all pods logs * Addition of get all pods logs * Updating max-parallel: 20 for acceptance tests * addition of logs * addition of logs * addition of logs * addition of logs * Updating values.yaml images as per rc-1 builds
Co-authored-by: github-team-consul-core <github-team-consul-core@hashicorp.com>
* fix tests in api-gw connect peering packages * reduce timeout in apiGateway_KitchenSink test * reduce retries in endpoints controller * added changelog * [endpoints.controller] use podIP from endpoint instead of pod * cleanup comments and update changelog * dump all failed init container logs * update consul-dns test * updated consul-dns test * add retries to patching httproute * updated retries in api-gateway
* post 1.9.0-rc1 release activity * post 1.9.0-rc1 release activity * added weekly acceptance tests * fixed version * fixed version * fixed version in values.yaml * fixed consul version
…policy added "component: api-gateway" for stable controller and "component: api-gateway-consul" for custom controller. Added kind check in the gatewaypolicies. Webhook denies the policy if targetRef.kind is not Gateway.
* kind test check * Update kind_acceptance_test_packages.yaml * Update api_gateway_lifecycle_test.go * final reconcile for previously controlled gateway * Update api_gateway_lifecycle_test.go * log check * Update api_gateway_lifecycle_test.go * Update api_gateway_lifecycle_test.go * Update gateway_controller.go * Update api_gateway_lifecycle_test.go * Update gateway_controller.go * fixed api-gateway lifecycle testcase * enable all tcs * verify the cross partiton case * use last version image for consul * Update partitions_gateway_test.go * new image * Update partitions_gateway_test.go * Update values.yaml * revert to what is needed * lint * enable gatewayclass; add labels introduced in new manifests * Update command.go
…5252) * fix: correct FIPS Consul version check in connect-init The original code had three bugs: 1. Called /v1/agent/version which does not exist in Consul (404) 2. Passed a nil map by value to Raw().Query(), so the response was never populated and versionInfo was always empty 3. Missing else guard meant the 'non-FIPS detected' warning always fired unconditionally, even when the API call failed The fix reads state.DataplaneFeatures['DATAPLANE_FEATURES_FIPS'] which is already populated by consul-server-connection-manager during initialization via GetSupportedDataplaneFeatures. This is the authoritative, zero-cost way to check server FIPS status.
* fix(custom-gw): filename mismatch * added changelog
* updated yaml * Add changelog for boolean helm values formatting fix * added changelog * removed not needed type conversion
* fix: duplicate imagePullPolicy in Server StatefulSet
* updated yaml * Fix HTTPRoute generic collision by adding correct shortNames * removed unnecessary changes * Add changelog for PR 5328 * updated changelog * revert not needed changes * revert not needed changes * Restore RBAC rules for c-prefixed CRDs
* remove template crd-gatewaypolicies-custom.yaml * add changelog
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| gomodules.xyz/jsonpatch/v2 v2.4.0 | ||
| google.golang.org/grpc v1.79.3 | ||
| google.golang.org/grpc v1.75.1 |
| golang.org/x/crypto v0.52.0 // indirect | ||
| go.yaml.in/yaml/v2 v2.4.3 // indirect | ||
| go.yaml.in/yaml/v3 v3.0.4 // indirect | ||
| golang.org/x/crypto v0.51.0 // indirect |
| golang.org/x/crypto v0.52.0 // indirect | ||
| go.yaml.in/yaml/v2 v2.4.3 // indirect | ||
| go.yaml.in/yaml/v3 v3.0.4 // indirect | ||
| golang.org/x/crypto v0.51.0 // indirect |
| golang.org/x/crypto v0.52.0 // indirect | ||
| go.yaml.in/yaml/v2 v2.4.3 // indirect | ||
| go.yaml.in/yaml/v3 v3.0.4 // indirect | ||
| golang.org/x/crypto v0.51.0 // indirect |
| golang.org/x/crypto v0.52.0 // indirect | ||
| go.yaml.in/yaml/v2 v2.4.3 // indirect | ||
| go.yaml.in/yaml/v3 v3.0.4 // indirect | ||
| golang.org/x/crypto v0.51.0 // indirect |
| golang.org/x/crypto v0.52.0 // indirect | ||
| go.yaml.in/yaml/v2 v2.4.3 // indirect | ||
| go.yaml.in/yaml/v3 v3.0.4 // indirect | ||
| golang.org/x/crypto v0.51.0 // indirect |
| golang.org/x/crypto v0.52.0 // indirect | ||
| go.yaml.in/yaml/v2 v2.4.3 // indirect | ||
| go.yaml.in/yaml/v3 v3.0.4 // indirect | ||
| golang.org/x/crypto v0.51.0 // indirect |
| github.com/form3tech-oss/jwt-go v3.2.3+incompatible // indirect | ||
| github.com/go-jose/go-jose/v4 v4.1.4 // indirect | ||
| github.com/fxamacker/cbor/v2 v2.9.0 // indirect | ||
| github.com/go-jose/go-jose/v3 v3.0.4 // indirect |
| gomodules.xyz/jsonpatch/v2 v2.4.0 | ||
| google.golang.org/grpc v1.79.3 | ||
| google.golang.org/grpc v1.75.1 |
| go.opentelemetry.io/otel/trace v1.43.0 // indirect | ||
| go.opentelemetry.io/auto/sdk v1.1.0 // indirect | ||
| go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect | ||
| go.opentelemetry.io/otel v1.37.0 // indirect |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.